Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2071

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2015-2071
Last Modified 25 Feb 2015 12:52:50
Published 24 Feb 2015 12:59:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2015-2071

Summary

Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.

Vulnerable Systems

Application

  • Etouch Samepage 4.4.0.0.239


References

EXPLOIT-DB - 36089

FULLDISC - 20150213 eTouch SamePage v4.4.0.0.239 multiple vulnerabilities

MISC - http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html

OSVDB - 118357


Last Updated: 27 May 2016 11:07:57